Sophos SSL VPN connects intermittently for some users on certain network connections

I'm running a pilot for about fifteen users on the Sophos SSL VPN. Most of the users work fine but a handful (including myself) are finding that access does not work all the time on certain networks. I have a laptop with the Sophos SSL VPN client installed and when on my home broadband I generally cannot get it to connect (very occasionally it works). If I reconnect my laptop to my mobile phone hotspot I get straight on every time. This tells me it's nothing to do with the laptop configuration but for some reason my home broadband is unreliable at connecting. I'm on a good internet connection at home so can't see any problem with that. I thought maybe it might be my ISP blocking the VPN but when I try with our old VPN that we are migrating off (Cisco AnyConnect connecting to a Cisco ASA) there are no problems (and have never been any). I have a few users experiencing exactly the same symptoms and they are on different ISPs. Here's a screenshot of the Sophos client log while connecting.

I'm at a loss as to the cause but it will be a showstopper for migrating if I can't resolve it. Any suggestions to troubleshoot?

Thanks,

Colin

 

  • Hi Colin and welcome to the UTM Community!

    Hmmm - an uncommon problem, indeed.  You're right, it does look like your broadband network is unreliable.  First, let's get some details...

    1. Version of UTM - 9.510?
    2. Is this a Sophos appliance?  If not, what NICs are in use?
    3. Port and Protocol used with SSL VPN?
    4. Is the UTM  behind any other firewall?
    5. Have you done #1 in Rulz to rule out any blocking by the UTM?

    In any case, if this is a trial, you should have access to a Sophos pre-sales engineer at no charge.  Not only are most very good, they also have access to the highest levels of the support staff.

    Cheers - Bob

  • In reply to BAlfson:

    Hi Bob,

    Thanks for the welcome to the UTM Community.

    In answer to your questions:

    1. Version of UTM - 9.510? Version 9.510-5
    2. Is this a Sophos appliance?  If not, what NICs are in use? Yes, a pair of Sophos SG450s
    3. Port and Protocol used with SSL VPN? TCP 443
    4. Is the UTM behind any other firewall? No, the external interface is directly connected to the Internet.
    5. Have you done #1 in Rulz to rule out any blocking by the UTM? Yes, I've looked through all the logs. IPS is not used and the log is empty. Firewall logs show no requests from my home external IP address.

    Regards,

    Colin

  • In reply to Colin Fraser:

    I would definitely get in touch with Sophos pre-sales, Colin.

    Cheers - Bob

  • In reply to BAlfson:

    Hi Bob. So I've just spent a couple of hours with Sophos support.

    We tried a different interface. Still not working.

    We tried a different port (8443)... it worked. So I'm going to arrange to get new connection files pushed out to the pilot users and we'll see how it goes.

    Thanks for the helpful advice.

    Colin